jmwtac
1
So looking at setting up Traefik to redirect incoming URL to my MyQNAP.org app, e.g. Leantime on the NAS.
So I have leantime.webaddress.com set up, but when it routes through to the app it's saying not secure etc. It displays the basic layout but no formatting.
I have configured fileConfig.yml with the following:
```yaml
http:
  routers:
    leantime:
      rule: Host(`leantime.mywebsite.com`)
      service: leantime
  services:
    leantime:
      loadBalancer:
        servers:
          - url: http://192.168.0.199:31322/
```
Share your full Traefik static and dynamic config, use 3 backticks before and after to format config.
jmwtac
3
fileConfig
```yaml
routers:
  leantime:
    rule: Host(`leantime.crlljjk;kklk;'.com`)
    service: leantime
services:
  leantime:
    loadBalancer:
      servers:
        - url: http://192.168.0.199:31322/
## MIDDLEWARES ##
middlewares:
  # Only Allow Local networks
  local-ipwhitelist:
    ipWhiteList:
      sourceRange:
        - 127.0.0.1/32 # localhost
        - 192.168.1.1/24 # LAN Subnet
  test-auth:
    basicAuth:
      users:
        - "admin:$apr1$8m5eypnf"
  # Security headers
  securityHeaders:
    headers:
      customResponseHeaders:
        X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
        server: ""
        X-Forwarded-Proto: "https"
      sslProxyHeaders:
        X-Forwarded-Proto: https
      referrerPolicy: "strict-origin-when-cross-origin"
      hostsProxyHeaders:
        - "X-Forwarded-Host"
      customRequestHeaders:
        X-Forwarded-Proto: "https"
      contentTypeNosniff: true
      browserXssFilter: true
      forceSTSHeader: true
      stsIncludeSubdomains: true
      stsSeconds: 63072000
      stsPreload: true
# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
```
jmwtac
4
```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false
serversTransport:
  insecureSkipVerify: true
entryPoints:
  web:
    address: ":80"
  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
      middlewares:
        - securityHeaders@file
providers:
  providersThrottleDuration: 2s
  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true
  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: traefik-net # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.crownparkcomputing.com`)"
    swarmModeRefreshSeconds: 15s
    exposedByDefault: false
    endpoint: "tcp://dockersocket:2375" # Uncomment if you are using docker socket proxy
# Enable traefik ui
api:
  dashboard: true
  insecure: true
# Log level INFO|DEBUG|ERROR
log:
  level: INFO
accessLog: {}
# Use letsencrypt to generate ssl certificates
certificatesResolvers:
  letsencrypt:
    acme:
      email: jhfgj@crownparkcomputing.com
      storage: /etc/traefik/acme.json
      tlschallenge: true
```
What does the Traefik debug log (doc) say about TLS cert generation? Do you see incoming requests in access log?
Also try without the `securityHeaders` middleware just to see if it works.